From 92e00bb0ecc2a4a21cb0d044bb9ae5fac5d20a64 Mon Sep 17 00:00:00 2001
From: Nathan Gray <nathangray.bsc@gmail.com>
Date: Wed, 6 Mar 2013 15:30:06 +0000
Subject: [PATCH] Add ACL check to read-only category selection and nextmatch
 row color

---
 etemplate/inc/class.etemplate.inc.php     | 3 +++
 etemplate/inc/class.select_widget.inc.php | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php
index 28260805f1..0afced871e 100644
--- a/etemplate/inc/class.etemplate.inc.php
+++ b/etemplate/inc/class.etemplate.inc.php
@@ -726,6 +726,9 @@ class etemplate extends boetemplate
 	{
 		static $cat2color;
 
+		// ACL check
+		$cats = $GLOBALS['egw']->categories->check_list(EGW_ACL_READ,$cats);
+
 		if (!$cats) return null;
 
 		if (isset($cat2color[$cats]))
diff --git a/etemplate/inc/class.select_widget.inc.php b/etemplate/inc/class.select_widget.inc.php
index e8faea24c0..31530c2496 100644
--- a/etemplate/inc/class.select_widget.inc.php
+++ b/etemplate/inc/class.select_widget.inc.php
@@ -175,6 +175,10 @@ class select_widget
 					if ($value)
 					{
 						if (!is_array($value)) $value = explode(',',$value);
+						// Filter ACL
+						$value = $GLOBALS['egw']->categories->check_list(EGW_ACL_READ,implode(',',$value));
+						$value = explode(',',$value);
+
 						foreach($value as $key => $id)
 						{
 							if ($id && ($name = stripslashes($GLOBALS['egw']->categories->id2name($id))) && $name != '--')